Tutorial: Enabling Access Logs on an AWS ALB

Reference video: https://www.youtube.com/watch?v=0ito7bNnEYQ

Official documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html#verify-bucket-permissions

1. Create an S3 bucket, and remember to block all public access.

Note: the S3 bucket and the ALB must be in the same Region.

2. Add a bucket policy. Replace YourBucketName with your S3 bucket name and YourAwsAccountNumber with your AWS account number.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"Service": "logdelivery.elasticloadbalancing.amazonaws.com"
			},
			"Action": "s3:PutObject",
			"Resource": "arn:aws:s3:::YourBucketName/AWSLogs/YourAwsAccountNumber/*"
		},
		{
			"Effect": "Allow",
			"Principal": {
				"Service": "logdelivery.elasticloadbalancing.amazonaws.com"
			},
			"Action": "s3:ListBucket",
			"Resource": "arn:aws:s3:::YourBucketName"
		}
	]
}

3. Go to the ALB detail page, click the Attributes tab, then click Edit.

4. Tick Access Logs, select your S3 bucket, and save. That's it!
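
The bucket policy from step 2, rendered with the placeholders filled in and audited before it is attached to the bucket. This is an added example, not part of the original tutorial; the function names and the sample bucket name and account number are assumptions made up for illustration.

```python
import json
import re

LOG_PRINCIPAL = "logdelivery.elasticloadbalancing.amazonaws.com"

def build_policy(bucket: str, account_id: str) -> dict:
    """Render the tutorial's bucket policy with the placeholders filled in."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account ID must be exactly 12 digits")
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]", bucket):
        raise ValueError("not a valid S3 bucket name")
    svc = {"Service": LOG_PRINCIPAL}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": svc, "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*"},
        {"Effect": "Allow", "Principal": svc, "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}"},
    ]}

def audit_policy(policy: dict, bucket: str, account_id: str) -> list:
    """Return findings for a policy that should only let ALB log delivery write."""
    findings = []
    text = json.dumps(policy)
    for placeholder in ("YourBucketName", "YourAwsAccountNumber"):
        if placeholder in text:
            findings.append(f"placeholder {placeholder} was not replaced")
    expected = f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*"
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: wildcard principal allows anyone")
        elif principal != {"Service": LOG_PRINCIPAL}:
            findings.append(f"statement {i}: unexpected principal {principal!r}")
        actions = st.get("Action")
        actions = [actions] if isinstance(actions, str) else actions or []
        if "s3:PutObject" in actions and st.get("Resource") != expected:
            findings.append(f"statement {i}: PutObject not scoped to {expected}")
    return findings

# Constructed sample values, not a real bucket or account.
SAMPLE_BUCKET, SAMPLE_ACCOUNT = "example-alb-logs", "111122223333"

if __name__ == "__main__":
    policy = build_policy(SAMPLE_BUCKET, SAMPLE_ACCOUNT)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, SAMPLE_BUCKET, SAMPLE_ACCOUNT) or "no findings")
```
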

After enabling access logs, you need to use Athena to query them; see this article: https://www.pangzai.win/aws-%e4%bd%bf%e7%94%a8athena-%e6%90%9c%e5%af%bbalb-access-log%e6%95%99%e7%a8%8b/
